<?php

namespace App\Policies;

use App\Http\Requests\PasswordRequest;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;

//1.命令创建权限模型
//2.在app\providers\authserviceprovider.php中注册策略
//3.在当前文件中的update方法中编写策略
//4.在use\index.blade.php中使用@can指令  谁有权限谁可以看
class UserPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function view(User $user, User $model)
    {
        //
    }

    /**
     * Determine whether the user can create models.
     *
     * @param  \App\User  $user
     * @return mixed
     */
    public function create(User $user)
    {
        //
    }

    /**
     * Determine whether the user can update the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function update(User $user, User $model)
    {
        //在这个全县策略中，对应的方法可以根据自己的需要写不通过操作的权限返回值，返回值是真，代表有权限，返回值是假，代表没权限
        return $user->is_admin || $user->id == $model->id;


    }

    /**
     * Determine whether the user can delete the model.
     *
     * @param  \App\User  $user
     * @param  \App\User  $model
     * @return mixed
     */
    public function delete(User $user, User $model)
    {
        //权限限制不能删除自己
        return $user->is_admin && $user->id != $model->id;
    }
}
